Preventing 2022’s Application Security Fails: What We Can Learn


As the number of risks and security attacks grows, 2022 left us with a long list of incidents to learn from, each demonstrating why security deserves a higher priority. The following list covers significant incidents and failures from 2022.

Notable Data Breaches

2.5 Million Records Leaked from Student Loan Data Breach

In June 2022, a data breach at student loan servicer Nelnet resulted in the disclosure of more than 2.5 million individuals’ private information.

On August 17, 2022, the inquiry concluded that from June until July 22, 2022, an unidentified third party had access to student loan account registration data because of a vulnerability in the web portal. The exposed data included names, home and email addresses, phone numbers, and social security numbers.

Optus Leak Exposed 11 Million People’s Medical and Personal Data

On September 22, 2022, the Australian telecommunications firm Optus had a severe data breach that exposed the personal information of 11 million users.

Customers’ names, dates of birth, phone numbers, email and home addresses, driver’s licenses and/or passport numbers, and Medicare ID numbers were among the data obtained.

After Optus declined to pay a ransom sought by the hacker, files containing this private information were shared on a hacking site. Victims of the attack also said that the alleged hacker called them and demanded they pay AU$2,000 (US$1,300) or their data would be sold to other malicious parties.

The Optus data breach happened because of an unsecured, publicly accessible API. The API did not require user authentication before allowing a connection to be established. Because there was no authentication mechanism, anybody who found the API on the internet could connect to it without entering a username or password.
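To make the failure mode concrete, here is an added example (not code from the article or from Optus) contrasting a customer-lookup endpoint that answers any caller with one that requires a bearer token first. The customer records, tokens and request shape are constructed for the demonstration; the hardened handler also checks that an authenticated caller can only read their own record, which goes one step beyond the authentication gap the article describes.

```python
import hmac

# Constructed sample data standing in for a customer database (not real records).
CUSTOMERS = {
    "c1001": {"name": "A. Example", "dob": "1980-01-01", "licence": "DL-PLACEHOLDER-1"},
    "c1002": {"name": "B. Example", "dob": "1975-05-05", "licence": "DL-PLACEHOLDER-2"},
}

# Constructed API tokens, each bound to exactly one customer (hypothetical values).
TOKENS = {"tok-c1001-secret": "c1001", "tok-c1002-secret": "c1002"}


def lookup_unauthenticated(request):
    """Weak pattern: the endpoint answers any caller who knows the URL."""
    customer_id = request["path"].rsplit("/", 1)[-1]
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)


def authenticate(headers):
    """Return the customer id bound to a valid bearer token, else None."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    presented = auth[len("Bearer "):]
    # Constant-time comparison so token checks do not leak timing information.
    for token, customer_id in TOKENS.items():
        if hmac.compare_digest(presented, token):
            return customer_id
    return None


def lookup_hardened(request):
    """Hardened pattern: authenticate first, then authorise access to the object."""
    caller = authenticate(request.get("headers", {}))
    if caller is None:
        return (401, None)  # no valid credential: reject before touching data
    customer_id = request["path"].rsplit("/", 1)[-1]
    if customer_id != caller:
        return (403, None)  # authenticated, but not the owner of this record
    record = CUSTOMERS.get(customer_id)
    return (200, record) if record else (404, None)
```

In a real deployment the token store would be a proper identity provider or session service; the point here is the order of checks, with authentication and authorization happening before any record is read.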

Twitter Accused of Hiding Data Breach Affecting Millions

On November 23, 2022, Los Angeles-based cyber security specialist Chad Loder posted about a Twitter data breach that impacted “millions” in the US and EU. Loder stated the data breach happened “no earlier than 2021” and “had not been notified previously”. Twitter had disclosed a data breach that compromised millions of user accounts in July…
